With rapid advance of technology, there are more and more types of mobile devices becoming available on the market. It seems like only years ago the devices that can generally be referred as mobile devices only include personal digital assistants and cellular phones. But today, recent development in mobile collaboration system had provided us with a variety of mobile devices, such as smart phones and tablet computers. Smart phones are among the most preferred mobile devices, which offer all the conveniences of a personal computer, along with a very small form factor. For instance, using a smart phone, a user is able to download and install an application from App Store, web surfing, on-line shopping, share information via social networking sites, check e-mails, play video games, and so on. Regardless all the conveniences that can be provided by smart phones, the use of smart phone can relatively create certain security risks to our privacy, especially when the smart phones of today are becoming more powerful for allowing more personal information to be registered in the smart phones. Comparing with conventional computing devices, smart phones are selected to be used by more and more users as pocket notebooks for storing sensitive personal information, such as personal details, personal address list, personal data shared on social networking sites, personal account for network transaction, information relating the exact where about of the smart phone user, document stored in the smart phone, and so on.
There are already many means available for protecting your personal information and prevent others from using your smart phone without your permission. One common general-purpose online access control mechanism is the screen lock, which can either be a PIN, a passphrase, or an Android pattern, and is to be used for keeping safe all the sensitive documents, passwords, and other credentials stored in a smart phone when such smart phone is lost or stolen. Currently, the PIN screen lock and the Android pattern screen lock are most commonly used in smart phones, whereas comparatively the Android pattern is preferred since Android pattern is easier to remember and input than PIN is. Nevertheless, those conventional screen locks are still very vulnerable to “smudge attack”, “shoulder surfing attack”, or even simply spying when a screen lock of weak password strength is used.
Taking an Android pattern screen lock for example, using which a user will be asked to draw or swipe a specified pattern on touch screen to unlock his/her phone. However, by doing so, your fingers will leave a grease trail on the touch screen, and thus any person with malicious intent can photograph the touch screen and process the captured image using a simple image processing software so as to obtain the Android pattern screen lock. For preventing the aforesaid smudge attack, instead of the touch screen, a camera mounted on a smart phone is used for detecting the moving trajectory of a user's hand that is drawing a specific pattern in air so as to input the Android pattern screen lock without leaving a grease trail. However, the drawing of an Android pattern screen lock on air, or the swiping of an Android pattern screen lock on a touch screen, or even the typing of a password can all be easily captured by any person with malicious intent either by watching or by photographing, and thereby, after cracking the screen lock, any data in your smart phone is accessible to the malicious person. Moreover, since the draw of an Android pattern screen lock is restricted by connecting the dots on the screen serially and sequentially from one dot to only its neighboring dot without double tapping on the same dot, and also since the detecting of a user's hand movement can only result a two-dimensional trajectory on a planar surface, thus the password strength of such Android pattern screen lock is weak that it can be cracked easily, and thus the overall risk to a security breach using such Android pattern screen lock is not satisfactory.